make-csr function and confirmation button when warning is displayed

This commit is contained in:
Nicolas Roman 2019-07-09 18:07:47 +02:00
parent 1cf62beb55
commit 1b4231e1a9
4 changed files with 110 additions and 56 deletions

View File

@ -52,6 +52,7 @@ if (isset($_POST['submit'])) {
$domainsIncluded = array();
foreach ($_SESSION['letsencrypt-domains'] as $domain) {
$existingSSLCertificate = $letsencrypt->getCertificate($domain);
// if no certificate is present (false returned) for this domain, go to the next domain
if (is_bool($existingSSLCertificate)) {
continue;
}
@ -73,7 +74,7 @@ if (isset($_POST['submit'])) {
// check wether the certificate is valid or expired
$isCertValid = $letsencrypt->isCertValid($parsedCertificate["validUntil"]);
if (!$îsCertValid) {
if (!$îsCertValid && !isset($_POST['force_renew'])) {
$warningMessage = "Attention : le certificat existant n'est plus valide.
Souhaitez-vous le renouveller ?";
break 2;
@ -81,7 +82,7 @@ if (isset($_POST['submit'])) {
}
// contains all the domains included in the existing certificate
if (!empty($domainsIncluded)) {
if (!empty($domainsIncluded) && !isset($_POST['force_renew'])) {
$domainsNotIncluded = array_diff($_SESSION['letsencrypt-domains'], $domainsIncluded);
if (empty($domainsNotIncluded)) {
@ -96,11 +97,11 @@ if (isset($_POST['submit'])) {
}
// check HTTP
$checked_domains = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains']);
$failed_domains = array_diff($_SESSION['letsencrypt-domains'], $checked_domains);
if (!empty($failed_domains)) {
$errorMessage = "Erreur : Le challenge HTTP a échoué pour le(s) domaine(s) ci-dessous.
Merci de vérifier que le dossier <code>/.well-known/</code> est accessible.";
$isRemoteResourceAvailable = $letsencrypt->checkRemoteResourceAvailability($_SESSION['letsencrypt-domains'][0]);
if (!$isRemoteResourceAvailable) {
$errorMessage = "Erreur : Le challenge HTTP a échoué.<br>
Merci de vérifier que le dossier <code>/.well-known/evoacme-challenge/</code> est accessible.";
break;
}
@ -115,6 +116,14 @@ if (isset($_POST['submit'])) {
break;
}
// make csr
$isCsrGenerated = $letsencrypt->makeCsr($params[1], $_SESSION['letsencrypt-domains']);
// evoacme TEST ou DRY RUN
// evoacme
// modifier configuration vhosts
// reload service web
}
include_once EVOADMIN_BASE . '../tpl/webadmin-letsencrypt.tpl.php';

View File

@ -7,7 +7,7 @@ namespace lib;
class LetsEncrypt
{
const HTTP_OK = 200;
const HTTP_CHALLENGE_URL = '/.well-known/acme-challenge';
const HTTP_CHALLENGE_URL = '/.well-known/acme-challenge/testfile';
/**
* create the file used to test the HTTP challenge
@ -28,56 +28,63 @@ class LetsEncrypt
}
/**
* perform a cURL call on the remote resource
* the cURL call follows redirections and pushes the last valid URL to an array
* @param Array $domains list of domains
* @return Array $checked_domains list of checked domains
* generate a CSR
* @param string $vhost
* @param Array $domains
* @return boolean
*/
public function checkRemoteResourceAvailability($domains)
public function makeCsr($vhost, $domains)
{
$domains = implode(' ', $domains);
$cmd = 'web-add.sh generate-csr ' . $vhost . ' ' . "$domains";
sudoexec($cmd ,$data_output, $exec_return);
if ($exec_return == 0) {
return true;
}
return false;
}
/**
* perform a cURL call on the remote resource
* the cURL call follows redirections
* @param Array $domains list of domains
* @return boolean
*/
public function checkRemoteResourceAvailability($domain)
{
$this->createFileHttpChallenge();
$curl_multi = curl_multi_init();
$curl_handles = array();
$checked_domains = array();
$curl_handler = curl_init();
foreach ($domains as $key => $domain) {
$curl_handles[$key] = curl_init($domain . self::HTTP_CHALLENGE_URL);
// setting cURL options
curl_setopt($curl_handler, CURLOPT_URL, $domain . self::HTTP_CHALLENGE_URL);
curl_setopt($curl_handler, CURLOPT_TIMEOUT, 3);
curl_setopt($curl_handler, CURLOPT_HEADER, true);
curl_setopt($curl_handler, CURLOPT_NOBODY, true);
curl_setopt($curl_handler, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_handler, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($curl_handler, CURLOPT_MAXREDIRS, 3);
curl_setopt($curl_handler, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
curl_setopt($curl_handler, CURLOPT_RETURNTRANSFER, true);
// setting cURL options
curl_setopt($curl_handles[$key], CURLOPT_TIMEOUT, 3);
curl_setopt($curl_handles[$key], CURLOPT_HEADER, true);
curl_setopt($curl_handles[$key], CURLOPT_NOBODY, true);
curl_setopt($curl_handles[$key], CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_handles[$key], CURLOPT_FOLLOWLOCATION, true);
curl_setopt($curl_handles[$key], CURLOPT_MAXREDIRS, 3);
curl_setopt($curl_handles[$key], CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
curl_setopt($curl_handles[$key], CURLOPT_RETURNTRANSFER, true);
curl_exec($curl_handler);
curl_multi_add_handle($curl_multi, $curl_handles[$key]);
}
do {
curl_multi_exec($curl_multi, $active);
} while ($active);
foreach ($curl_handles as $curl_handle) {
$returned_http_code = curl_getinfo($curl_handle, CURLINFO_HTTP_CODE);
$returned_http_url = curl_getinfo($curl_handle, CURLINFO_EFFECTIVE_URL);
if ($returned_http_code === self::HTTP_OK && strpos($returned_http_url, self::HTTP_CHALLENGE_URL)) {
$returned_http_url = str_replace(self::HTTP_CHALLENGE_URL, '', $returned_http_url);
$returned_http_url = preg_replace('#^https?://#', '', $returned_http_url);
array_push($checked_domains, $returned_http_url);
}
curl_multi_remove_handle($curl_multi, $curl_handle);
}
curl_multi_close($curl_multi);
$returned_http_code = curl_getinfo($curl_handler, CURLINFO_HTTP_CODE);
$returned_http_url = curl_getinfo($curl_handler, CURLINFO_EFFECTIVE_URL);
$this->deleteFileHttpChallenge();
return $checked_domains;
if ($returned_http_code === self::HTTP_OK && strpos($returned_http_url, self::HTTP_CHALLENGE_URL)) {
$returned_http_url = str_replace(self::HTTP_CHALLENGE_URL, '', $returned_http_url);
$returned_http_url = preg_replace('#^https?://#', '', $returned_http_url);
return true;
}
return false;
}
/**

View File

@ -853,6 +853,9 @@ arg_processing() {
manage-http-challenge-file)
op_managehttpchallengefile "$@"
;;
generate-csr)
op_makecsr "$@"
;;
*)
usage
;;
@ -860,16 +863,41 @@ arg_processing() {
fi
}
op_makecsr() {
if [ $# -gt 1 ]; then
vhost="$1"
domains=""
# remove the first argument to keep only the domains
shift 1
for domain in "$@"; do
domains="${domains:+${domains} }${domain}"
done
# pipe the domains to make-csr because we don't have STDIN
echo "$domains" | make-csr "$vhost"
else usage
fi
}
op_managehttpchallengefile() {
if [ $# -eq 1 ]; then
file="/var/lib/letsencrypt/.well-known/acme-challenge"
folder="/var/lib/letsencrypt/.well-known/acme-challenge"
file="testfile"
action=${1};
if [ "$action" = "create" ]; then
touch "$file"
chmod 755 "$file"
if [ ! -d "$folder" ]; then
mkdir "$folder"
fi
if [ ! -f "$folder/$file" ]; then
touch "$folder/$file"
fi
chmod -R 755 "$folder"
elif [ "$action" = "delete" ]; then
rm "$file"
rm -r "$folder"
else usage
fi
else usage

View File

@ -2,8 +2,8 @@
<?php
if (isset($_POST['submit'])) {
if (!empty($error_message)) {
echo '<span class="form-error">' . $error_message . '</span>';
if (!empty($errorMessage)) {
echo '<span class="form-error">' . $errorMessage . '</span>';
if (count($failed_domains) > 0) {
echo '<p>';
@ -12,8 +12,18 @@ if (isset($_POST['submit'])) {
}
echo '</p>';
}
} elseif (!empty($warningMessage)) {
echo '<span class="form-warning">' . $warningMessage . '</span>'; ?>
<form name="form-confirm-renew-cert" id="form-confirm-renew-cert" action="" method="POST">
<p>
<input type="hidden" name="force_renew">
<input type="submit" name="submit" value="Confirmer le renouvellement" style="margin-left:0px;">
</p>
</form>
<?php
} else {
echo 'checks succeeded.';
echo "all checks succeeded";
}
} else {
echo "<p>Les domaines suivants seront intégrés au certificat : </p>";
@ -24,7 +34,7 @@ if (isset($_POST['submit'])) {
}
echo '</p>';
?>
<form name="form-confirm-delete-alias" id="form-confirm-delete-alias" action="" method="POST">
<form name="form-confirm-install-cert" id="form-confirm-install-cert" action="" method="POST">
<p><input type="submit" name="submit" value="Installer le certificat" style="margin-left:0px;"></p>
</form>
<?php